Removed o=com dependency, some refactoring, added field validation

git-svn-id: https://svn.mozilla.org/projects/pto/trunk@48650 4eb1ac78-321c-0410-a911-ec516a8615a5
2009-08-05 22:52:01 +00:00 · 2009-08-05 22:52:01 +00:00 · fd545b3621
--- a/2
+++ b/2
@ -11,7 +11,7 @@ Install
 LDAP assumptions
 - 'manager' field contains a dn pointing to manager's record
 - everyone has a 'manager' (not true for mitchell and lilly)
- everyone's 'mail' field ends with "@mozilla.com"
+- *@mozilla* can be used to glob everyone's email address

 TODO
 - 
--- a/auth.php
+++ b/auth.php
@ -16,8 +16,13 @@ if (!isset($_SERVER["PHP_AUTH_USER"])) {
  wail_and_bail();
 } else {
  // Check for validity of login
-  if (preg_match("/[a-z]+@mozilla\\.com/", $_SERVER["PHP_AUTH_USER"])) {
-    $dn = "mail=". $_SERVER["PHP_AUTH_USER"] .",o=com,dc=mozilla";
+  $user = $_SERVER["PHP_AUTH_USER"];
+  if (preg_match('/[a-z]+@(mozilla.*)\.(.{3})/', $user, $m)) {
+    if ($m[1] == "mozillamessaging" && $m[2] == "com") {
+      $m[1] = "mozilla";
+      $m[2] = "net";
+    }
+    $dn = "mail=$user,o={$m[2]},dc={$m[1]}";
    $password = $_SERVER["PHP_AUTH_PW"];
  } else {
    wail_and_bail();
--- a/export.php
+++ b/export.php
@ -16,7 +16,7 @@ $notifier_name = $data[0]["cn"][0];

 $manager_dn = $data[0]["manager"][0];
 // "OMG, not querying LDAP for the real email? That's cheating!"
-preg_match("/mail=([a-z]+@mozilla\\.com),/", $manager_dn, $matches);
+preg_match("/mail=([a-z]+@mozilla.*),o=/", $manager_dn, $matches);
 $manager_email = $matches[1];
 $is_hr = in_array($manager_email, $hr_managers);
 // Exclude details from non-HR personnel
@ -48,7 +48,7 @@ if (function_exists($output_function)){
 require_once "./templates/header.php";
 ?>
  <h1>PTO Notifications</h1>
-  <p>Herro thar, <?= str_replace("@mozilla.com", '', $notifier_email) ?>.</p>
+  <p>Herro thar, <?= email_to_alias($notifier_email) ?>.</p>
  <ul id="views">
    <li><a id="view-all">All</a></li>
    <li><a id="view-today">Today</a></li>
@ -143,7 +143,7 @@ require_once "./templates/header.php";
      
      var K = function(x) { return x; };
      var formatters = {
-        id: K, person: function(x) x.replace(/@mozilla\.com$/, ''), hours: K,
+        id: K, person: function(x) x.replace(/@mozilla.*$/, ''), hours: K,
        added: fdate, start: fdate, end: fdate, details: K
      };

--- a/filtering.inc
+++ b/filtering.inc
@ -33,7 +33,7 @@ if ($from_time || $to_time) {

 // Person filtering / querying
 if (!empty($_GET["person"])) {
-  $conditions[] = 'person LIKE "%'. htmlspecialchars($_GET["person"], ENT_QUOTES) .'%mozilla.com"';
+  $conditions[] = 'person LIKE "%'. htmlspecialchars($_GET["person"], ENT_QUOTES) .'%mozilla%"';
 }

 // ID overrides everything else
--- a/index.php
+++ b/index.php
@ -12,7 +12,7 @@ $notifier_email = $_SERVER["PHP_AUTH_USER"];
 $notifier_name = $data[0]["cn"][0];

 $manager_dn = $data[0]["manager"][0];
-preg_match("/mail=([a-z]+@mozilla\\.com),/", $manager_dn, $matches);
+preg_match("/mail=([a-z]+@mozilla.*),o=/", $manager_dn, $matches);
 $manager_email = $matches[1];

 $data = ldap_find(
@ -27,7 +27,7 @@ $notified_people[] = $manager_name ." <". $manager_email .'>';
 require_once "./templates/header.php";
 ?>
    <h1>PTO Notification</h1>
-    <p>O hai, <?= str_replace("@mozilla.com", '', $notifier_email) ?>. Submit your PTO notification here. <a href="https://intranet.mozilla.org/Paid_Time_Off_%28PTO%29">All your PTO are belong to us</a>.</p>
+    <p>O hai, <?= email_to_alias($notifier_email) ?>. Submit your PTO notification here. <a href="https://intranet.mozilla.org/Paid_Time_Off_%28PTO%29">All your PTO are belong to us</a>.</p>
    <form action="submit.php" method="post" name="pto-notify">
      <table><tbody>
      <tr>
--- a/output.inc
+++ b/output.inc
@ -58,7 +58,7 @@ function output_atom($data) {
  print "<author><name>Mozilla PTO</name></author>";
  foreach ($data as $pto) {
    $pto["email"] = $pto["person"];
-    $pto["person"] = str_replace("@mozilla.com", '', $pto["person"]);
+    $pto["person"] = email_to_alias($pto["person"]);
    $start = date("m/d/y", $pto["start"]);
    $end = date("m/d/y", $pto["end"]);
    $range = ($start == $end) ? "on $start" : "from $start to $end";
@ -103,7 +103,7 @@ X-WR-CALNAME:PTOs

 EOD;
  foreach ($data as $pto) {
-    $pto["person"] = str_replace("@mozilla.com", '', $pto["person"]);
+    $pto["person"] = email_to_alias($pto["person"]);
    // Line breaks and commas must be escaped.
    $pto["details"] = str_replace(", ", '\, ', $pto["details"]);
    $pto["details"] = str_replace("\n", '\n', $pto["details"]);
--- a/pto.inc
+++ b/pto.inc
@ -4,7 +4,7 @@ require_once("FirePHPCore/fb.php");
 ob_start();

 function ldap_find($connection, $filter, $attributes) {
-  $search = ldap_search($connection, "o=com, dc=mozilla", $filter, $attributes);
+  $search = ldap_search($connection, "dc=mozilla", $filter, $attributes);
  return ldap_get_entries($connection, $search);
 }

@ -19,3 +19,9 @@ function maketime($slashed_date) {
  }
  return $t;
 }
+
+function email_to_alias($email) {
+  $alias = explode('@', $email);
+  return $alias[0];
+}
+
--- a/submit.php
+++ b/submit.php
@ -3,15 +3,36 @@ require_once("config.php");
 require_once("pto.inc");
 require_once("auth.php");

+$validations = array(
+  "hours" => '/^\d+$/',
+  "start" => '/^[01]\d\/[0-3]\d\/\d{4}$/',
+  "end" => '/^[01]\d\/[0-3]\d\/\d{4}$/'
+);
+$failures = array();
+foreach ($validations as $field => $pattern) {
+  if (!preg_match($pattern, $_POST[$field])) {
+    $failures[] = $field;
+  }
+}
+if (!empty($failures)) {
+  require_once "./templates/header.php";
+  print "<h1>PTO Notifications</h1>";
+  print "<p>Oh noes! The following fields weren't in the right formats!</p>";
+  print "<pre>". implode(", ", $failures) ."</pre>";
+  require_once "./templates/footer.php";
+  die;
+}
+
+
 $notifier_email = $_SERVER["PHP_AUTH_USER"];
 $data = ldap_find(
-  $connection, "mail=". $notifier_email, array("givenName", "sn", "manager", "cn")
+  $connection, "mail=". $notifier_email, array("manager", "cn")
 );
 $notifier_name = $data[0]["cn"][0];

 $manager_dn = $data[0]["manager"][0];
 // "OMG, not querying LDAP for the real email? That's cheating!"
-preg_match("/mail=([a-z]+@mozilla\\.com),/", $manager_dn, $matches);
+preg_match("/mail=([a-z]+@mozilla.*),o=/", $manager_dn, $matches);
 $manager_email = $matches[1];

 $data = ldap_find(
@ -37,10 +58,13 @@ if (isset($_POST["cc"]) && $_POST["cc"] == "1") {
 $banned = array();
 $allowed = array();
 while ($check = array_pop($notified_people)) {
-  $match = null;
-  preg_match("/<?(.+@mozilla\\.com)/", $check, $match);
-  $bracket = strpos($match[1], '<');
-  $address = $bracket === FALSE ? $match[1] : substr($match[1], $bracket + 1);
+  $check = trim($check);
+  if (in_string($check, '<') && in_string($check, '>')) {
+    $check = explode('>', $check);
+    $check = explode('<', $check[0]);
+    $check = $check[1];
+  }
+  $address = $check;
  if (in_array($address, $mail_blacklist)) {
    $banned[] = $check;
  } else {
--- a/templates/header.php
+++ b/templates/header.php
@ -1,7 +1,7 @@
 <!DOCTYPE html>
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" dir="ltr">
  <head>
-    <title>PTO Submitted</title>
+    <title>Mozilla PTO</title>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
    <script src="./js/jquery-1.3.2.min.js" type="text/javascript"></script>
    <script src="./js/jquery-ui-1.7.2.custom.min.js" type="text/javascript"></script>